Comments (5)
This issue is fixed in 3.10.0. Thank you @knadkarni-splunk for creating this and giving details
from security_content.
@knadkarni-splunk : those work bench searches are intended to work with single artifacts only. There is no easy way currently to customize those with our current tooling.
from security_content.
@patel-bhavin Can't the panels be designed to take multiple values for tokens into account (Using delimiters ,value prefix and value suffix)? Can this be addressed in an upcoming release?
from security_content.
@knadkarni-splunk : After doing a bunch of testing/tweaks with our current script that generates es_investigations.conf
, it seems like we might be able to handle multiple values.
That said, it looks like a size-able amount of work as we'd have to update all the searches in the response tasks directory. Will keep you posted on when this will be ready
from security_content.
tracking this in https://github.com/splunk/security-content/pull/new/workbench_issue_697 -> no longer a correct branch
New branch: #987
from security_content.
Related Issues (20)
- [BUG] ESCU - Detect Excessive Account Lockouts From Endpoint HOT 3
- [BUG] O365 Mailbox Inbox Folder Shared with All Users. Field "object" doesn't exist. HOT 1
- [BUG] sourcetype macro not consistent across Azure AD correlations HOT 2
- pre trained Deep Learning models for ESCU - Support for DSDL Version 5.1.1 HOT 1
- [BUG] - Unknown Process Using The Kerberos Protocol is too noisy HOT 3
- [BUG] Linux Service Started Or Enabled triggering on Windows events HOT 2
- [BUG] Build is not working HOT 6
- Consider adding Scope for search Azure AD Tenant Wide Admin Consent Granted HOT 1
- [BUG] DNS Query Length With High Standard Deviation HOT 1
- [BUG] Datasource is set incorrectly on this detection
- [BUG] ESCU - Get ADUser with PowerShell - Rule has no Adaptive Reponse Actions HOT 3
- Scheduled Task Initiation on Remote Endpoint - Update Analytics
- Azure AD Multi-Source Failed Authentications Spike - Missing ADFSSignInLogs category
- Minor malicious_powershell_process___encoded_command search update
- [BUG] Detections with joins failed to properly translate to Sigma
- [BUG] Missing Wildcards in Splunk Rule for Detecting Known Services Killed by Ransomware
- [BUG] Incorrect logic statement in detection search "Detect Renamed PSExec"
- [BUG] please, fix links in wiki: https://github.com/splunk/security_content/wiki/Detection-Analytic-Types HOT 1
- [BUG] browser_app_list lookup doesn't exist in indexers, causing query to fail in "Windows Credential Access From Browser Password Store" HOT 1
- [BUG] `Message` vs. `ScriptBlockText` for Powershell rules HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from security_content.